Software applications may provide devices with additional functionality that is not originally built into the devices. For example, smart phone users may download mobile apps to increase productivity or for entertainment. However, devices are often susceptible to malicious applications that may package malware in the installation bundles of the applications themselves. When a user downloads a compromised application, the malware may gain access to the device.
Security software traditionally attempts to monitor applications that run on a device in order to identify malware and mitigate threats. However, in some cases, a vulnerable application might open other files that are harmful, even if the application itself is not an immediate threat. For example, a user may use an application that has no internal security controls to download and open a malicious media file. In these cases, traditional security measures may be unable to directly access and evaluate the harmful files being opened through the vulnerable application. Additionally, in other cases, user interaction may not even be necessary in order for the vulnerable application to attempt to open a malicious file. Thus, malware can take advantage of application vulnerabilities or coordinate with malicious applications to infect devices without being detected by traditional security software. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for preventing vulnerable files from being opened.